Security Decisions for Cyber-Physical Systems based on Solving Critical Node Problems with Vulnerable Nodes
This work addresses security decision-making for cyber-physical production systems, which are vulnerable to attacks, by introducing a novel computational approach to isolate devices, though it appears incremental as it adapts an existing problem to a new domain.
The paper tackles the problem of isolating a limited number of devices in cyber-physical systems during cyberattacks to avoid full shutdowns, proposing a concept based on solving the Critical Node Cut Problem with Vulnerable Vertices (CNP-V) and evaluating it as the first application of CNP-V in cybersecurity.
Cyber-physical production systems consist of highly specialized software and hardware components. Most components and communication protocols are not built according to the Secure by Design principle. Therefore, their resilience to cyberattacks is limited. This limitation can be overcome with common operational pictures generated by security monitoring solutions. These pictures provide information about communication relationships of both attacked and non-attacked devices, and serve as a decision-making basis for security officers in the event of cyberattacks. The objective of these decisions is to isolate a limited number of devices rather than shutting down the entire production system. In this work, we propose and evaluate a concept for finding the devices to isolate. Our approach is based on solving the Critical Node Cut Problem with Vulnerable Vertices (CNP-V) - an NP-hard computational problem originally motivated by isolating vulnerable people in case of a pandemic. To the best of our knowledge, this is the first work on applying CNP-V in context of cybersecurity.